lo5tr (lo5tr) asked a question.
Okta global session cookies persist across browser sessions Not Working For Us
We created a Global Session Policy with
"Maximum Okta global session lifetime" set to "No time limit"
"Maximum Okta global session idle time" set to "1 Days"
"Okta global session cookies persist across browser sessions" set to "Enable"
and assigned to group "SCC-Admin" but it has no effect on the users in that group. We expected to get Persistent Cookies instead of Session Cookies which would allow those users to stay logged in after closing browser
@lo5tr (lo5tr)
These two links may help (Not sure if your users in SCC-Admin groups are admins - Please checkpout the note in the second link below). You can try first link to see if it works
https://support.okta.com/help/s/article/How-to-set-up-persistentcookie-true?language=en_US
https://support.okta.com/help/s/article/understanding-the-behavior-of-enabling-okta-global-session-cookies-persist-across-browser-sessions?language=en_US
HTH
-Bala
Thank you for your response and next steps.
My initial test was in fact with an Admin user. So I am now testing with a non-Admin user with the same results.
The first link, "How to Configure Persistent Cookie Sessions for End Users Using Postman", suggests that we may need to run a command in Postman against our Okta account in order for this to work.
So I am attempting to follow those instructions.
I am having trouble with the first step: Instructions for the Installation and Configuration of Postman<https://developer.okta.com/code/rest/>.
I have made it through the first 3 steps:
1. Sign up for Okta<https://developer.okta.com/docs/reference/rest/#sign-up-for-okta> if you don't have an existing Okta org.
2. Set up your Postman environment<https://developer.okta.com/docs/reference/rest/#set-up-your-postman-environment>.
3. Import the Okta collection<https://developer.okta.com/docs/reference/rest/#import-a-collection> that you want to test.
4. Set up Okta for API access<https://developer.okta.com/docs/reference/rest/#set-up-okta-for-api-access>.
But I am having trouble on the fourth step "Set up Okta for API access"
I have followed the User-based API access setup<https://developer.okta.com/docs/reference/rest/#user-based-api-access-setup>:
I completed "Create an OIDC app in Okta"
but am having trouble with "Get an access token and make a request<https://developer.okta.com/docs/reference/rest/#get-an-access-token-and-make-a-request>." Perhaps I configured something wrong because when I press the <Get New Access Token> button, I get an "Okta 400 Bad Request".
Could you help me get the "Get an access token and make a request<https://developer.okta.com/docs/reference/rest/#get-an-access-token-and-make-a-request>." to work so that my Postman app can work with my Okta account?
Thanks,
John Buuck
Sr. Programmer
john.buuck@sccmediaserver.com<mailto:john.buuck@sccmediaserver.com>
http://www.sccmediaserver.com<http://www.sccmediaserver.com/>
770-751-8500 ext 257
@lo5tr (lo5tr) Hopefully this link below should help (if you stil have issues please open a support ticket)
https://www.youtube.com/watch?v=e48wIplOsxs
{"errorCode":"E0000005","errorSummary":"Invalid session","errorLink":"E0000005","errorId":"oaer_EH8R03RxmfN6BGvAEpNQ","errorCauses":[]}
I have a developer account so am not able to open a support ticket.
Are you able to offer any further help on getting past this issue integrating Okta with Postman or getting Persistent Cookies to work?
John Buuck
Sr. Programmer
john.buuck@sccmediaserver.com<mailto:john.buuck@sccmediaserver.com>
http://www.sccmediaserver.com<http://www.sccmediaserver.com/>
770-751-8500 ext 257
@lo5tr (lo5tr) The reason you are getting error is you havent either obtained access token or after you have got the token you havent asked postman to use it in your REST API call ..
the gist is that your REST API call is trying to call API without access (auhorization) and thats resulting in an error
DO you get an access token in postman.
For this your callback url setting in postman under Oauth 2.0 must not be grayed out .. Is yours?
Please let me know and will try to assist
Thanks
-Bala
So specifically, callback url setting in postman under Oauth 2.0 is NOT greyed out and is set to the default (http://localhost:8080/authorization-code/callback) as given in the tutorial. And after pressing <Get New Access Token> it does put up a dialog and upon pressing <Proceed> and then <Use Token> it fills in the Token field. I was a little surprised that the tutorial had me uncheck the Header called "Authorization" but I see that if I do check it then there is a message saying this would be a duplicate header and would be overridden by the Authorization header generated by Postman. And either way (checked or not) I get the same 403 Forbidden. Also, I do see in the Postman Console that the Request Headers that are sent are (Accept, Content-Type, and Authorization) and the Authorization header specifies the generated Token.
John Buuck
Sr. Programmer
john.buuck@sccmediaserver.com<mailto:john.buuck@sccmediaserver.com>
http://www.sccmediaserver.com<http://www.sccmediaserver.com/>
770-751-8500 ext 257
On the "Get CUrrent User" API, go to header and uncheck SSWS as shown below
Then when you get access token like below, click on Use token prior to hitting send to make API call.. This should yeild you result (if you have scopes set, and user authorized for the app)
HTH
-Bala
John Buuck
Sr. Programmer
john.buuck@sccmediaserver.com<mailto:john.buuck@sccmediaserver.com>
http://www.sccmediaserver.com<http://www.sccmediaserver.com/>
770-751-8500 ext 257
if everything good (user is authorized for the OIDC app, scope set correctly, acces token used) etc then you should get a 200 response and result as shown above..
If you are notgettying that then i would trace back to all settings url'e etc and make sure there are no issues. Please let me know if you are able to make progress
HTH
-Bala
@lo5tr (lo5tr)
two things to check for sure
1) the OIDC apps , under API scopes tab, you have clicked the grant link next to okta.users.read
2) the user that you are authenticating as when prompted by postman to get access token, is assigned to the app (under assignment)
also user is not in a group that have policies attached which may be causing issues
please let us know
-Bala